File system changes
Purpose
This document outlines several methods to track changes to a website at the file or directory level; file system monitoring should be applied alongside regular file and database backups.
Goals
The goals of file system tracking include:
- Monitor changed and added files
- Log changes and additions
- Revert granular changes
- Send automated alerts
General approaches
Administrators can monitor the file system using general technologies such as:
- System utilities
- Revision control
- OS/kernel level monitoring
Specific tools
Options for file system monitoring include:
- diff and drush make - build a clean test copy of your site and compare it against production
- Git - source code management
- inotify and incron - OS kernel level file monitoring service that can run commands on filesystem events
- Watcher, Python inotify library
- OSSEC - Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
Considerations
When configuring a file-based monitoring strategy, there are many considerations, including the following:
Run the monitoring script/service as root
This makes it hard for attackers to disable or modify your file system monitoring solution.
Disable monitoring during scheduled maintenance/upgrades
This prevents unnecessary notifications while you are performing regular maintenance on the site.
Monitor only executable filetypes
It may be reasonably safe to monitor only executable file types, such as .php files. Filtering on specific file types reduces unnecessary log entries and alerts.
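A baseline-and-compare check that covers the goals above (changed and added files) with the executable-filetype filter applied, as an added example that is not part of the original page or any Drupal tool. The extension list, function names and sample tree are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

# Assumed set of executable extensions for a Drupal docroot; adjust for your site.
WATCHED_EXTENSIONS = {".php", ".inc", ".module", ".install", ".theme", ".engine"}


def snapshot(docroot, extensions=WATCHED_EXTENSIONS):
    """Map each watched file's path (relative to docroot) to its SHA-256 digest."""
    digests = {}
    for dirpath, dirnames, filenames in os.walk(docroot):
        dirnames[:] = [d for d in dirnames if d != ".git"]  # skip VCS metadata
        for name in filenames:
            path = os.path.join(dirpath, name)
            watched = os.path.splitext(name)[1].lower() in extensions
            if not watched or os.path.islink(path):
                continue  # skip other file types and symlinks
            with open(path, "rb") as handle:
                digests[os.path.relpath(path, docroot)] = hashlib.sha256(handle.read()).hexdigest()
    return digests


def compare(baseline, current):
    """Return sorted lists of added, changed and removed paths."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = sorted(p for p in baseline.keys() & current.keys() if baseline[p] != current[p])
    return {"added": added, "changed": changed, "removed": removed}


def demo():
    """Constructed sample tree: take a baseline, alter files, then compare."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, body, mode="w"):
            with open(os.path.join(root, rel), mode) as handle:
                handle.write(body)
        os.makedirs(os.path.join(root, "sites", "default", "files"))
        write("index.php", "<?php // front controller")
        write("sites/default/settings.php", "<?php // settings")
        baseline = snapshot(root)
        write("index.php", "\n// modified after baseline", "a")
        write("sites/default/files/upload.php", "<?php // added after baseline")
        write("sites/default/files/photo.jpg", "ignored: not a watched type")
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

Store the baseline somewhere the web server account cannot write, and refresh it after each scheduled maintenance window so that legitimate upgrades do not show up as changes.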
Use strict file system permissions
Read about securing file permissions and ownership. In general, avoid allowing execute and write permissions when possible.